author | Dr. Stephen Henson <steve@openssl.org> | 2009-12-07 13:31:02 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-12-07 13:31:02 +0000 |
commit | 637f374ad49d5f6d4f81d87d7cdd226428aa470c (patch) | |
tree | 2f471a88015ddb5c1e0b3b8b36717db006b0361e /ssl/t1_enc.c | |
parent | 7e4cae1d2f555cbe9226b377aff4b56c9f7ddd4d (diff) |
Initial experimental TLSv1.1 support
Diffstat (limited to 'ssl/t1_enc.c')
-rw-r--r-- | ssl/t1_enc.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index d9cb059d0c..028f6493d1 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -143,6 +143,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
+#include <openssl/rand.h>
 #ifdef KSSL_DEBUG
 #include <openssl/des.h>
 #endif
@@ -617,7 +618,27 @@ int tls1_enc(SSL *s, int send)
 if (s->enc_write_ctx == NULL)
 enc=NULL;
 else
+ {
+ int ivlen;
 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ /* For TLSv1.1 and later explicit IV */
+ if (s->version >= TLS1_1_VERSION)
+ ivlen = EVP_CIPHER_iv_length(enc);
+ else
+ ivlen = 0;
+ if (ivlen > 1)
+ {
+ if ( rec->data != rec->input)
+ /* we can't write into the input stream:
+ * Can this ever happen?? (steve)
+ */
+ fprintf(stderr,
+ "%s:%d: rec->data != rec->input\n",
+ __FILE__, __LINE__);
+ else if (RAND_bytes(rec->input, ivlen) <= 0)
+ return -1;
+ }
+ }
 }
 else
 {
@@ -746,7 +767,13 @@ int tls1_enc(SSL *s, int send)
 return -1;
 }
 }
- rec->length-=i;
+ rec->length -=i;
+ if (s->version >= TLS1_1_VERSION)
+ {
+ rec->data += bs; /* skip the explicit IV */
+ rec->input += bs;
+ rec->length -= bs;
+ }
 }
 }
 return(1); |
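Review bot: In the second hunk (send path of `tls1_enc`), the `rec->data != rec->input` branch only prints to stderr and then falls through, so the record presumably goes on to be encrypted without a fresh random explicit IV having been written, which is the property TLS 1.1 adds the explicit IV for. Library code should fail closed here instead of logging, e.g. `if (rec->data != rec->input) return -1;`, which matches the error path already used when `RAND_bytes` fails. `RAND_bytes(rec->input, ivlen)` also relies on the caller having reserved `ivlen` bytes at the front of the record; that is not visible in this hunk, so a comment stating the requirement would help. The function body starts and ends outside the hunk.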
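Review bot: In the third hunk (receive path), `rec->length -= bs;` runs with no visible check that the record still holds at least `bs` bytes once the padding has been removed. A short TLS 1.1 record from the peer would drive the length below zero (or wrap it, if `length` is unsigned; its type is not shown here) and advance `rec->data` and `rec->input` past the received bytes. I would guard the adjustment with something like `if (rec->length < bs) return -1;` (cast to match the field's type), returning the same value as the `return -1` just above so the two failures look the same to the peer. The enclosing block begins outside the hunk, so an earlier length check may exist that cannot be seen from here.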